dev-sec · atomic111 · Apr 25, 2016 · Feb 28, 2016
diff --git a/lockdown/inspec/os_spec.rb b/lockdown/inspec/os_spec.rb
@@ -18,7 +18,7 @@
 # author: Dominik Richter
 # author: Patrick Muench
 
-control '01' do
+control 'os-01' do
   impact 1.0
   title 'Trusted hosts login'
   desc "Rhosts/hosts.equiv files are a weak implemenation of authentication. Disabling the .rhosts and hosts.equiv support helps to prevent users from subverting the system's normal access control mechanisms of the system."
@@ -30,7 +30,7 @@
   end
 end
 
-control '02' do
+control 'os-02' do
   impact 1.0
   title 'Check owner and permissions for /etc/shadow'
   desc 'Check periodically the owner and permissions for /etc/shadow'
@@ -47,7 +47,7 @@
   end
 end
 
-control '03' do
+control 'os-03' do
   impact 1.0
   title 'Check owner and permissions for /etc/passwd'
   desc 'Check periodically the owner and permissions for /etc/passwd'
@@ -66,7 +66,7 @@
   end
 end
 
-control '04' do
+control 'os-04' do
   impact 1.0
   title 'Dot in PATH variable'
   desc 'Do not include the current working directory in PATH variable. This makes it easier for an attacker to gain extensive rigths by executing a Trojan program'
@@ -76,7 +76,7 @@
   end
 end
 
-control '05' do
+control 'os-05' do
   impact 1.0
   title 'Check login.defs'
   desc 'Check owner and permissions for login.defs. Also check the configured PATH variable and umask in login.defs'
@@ -110,7 +110,7 @@
   end
 end
 
-control '06' do
+control 'os-06' do
   impact 1.0
   title 'Check for SUID/ SGID blacklist'
   desc 'Find blacklisted SUID and SGID files to ensure that no rogue SUID and SGID files have been introduced into the system'
@@ -151,7 +151,7 @@
   end
 end
 
-control '07' do
+control 'os-07' do
   impact 1.0
   title 'Unique uid and gid'
   desc 'Check for unique uids gids'

diff --git a/lockdown/inspec/package_spec.rb b/lockdown/inspec/package_spec.rb
@@ -18,7 +18,7 @@
 # author: Dominik Richter
 # author: Patrick Muench
 
-control '01' do
+control 'package-01' do
   impact 1.0
   title 'Do not run deprecated inetd or xinetd'
   desc 'http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf, Chapter 3.2.1'
@@ -30,7 +30,7 @@
   end
 end
 
-control '02' do
+control 'package-02' do
   impact 1.0
   title 'Do not install Telnet server'
   desc 'Telnet protocol uses unencrypted communication, that means the passowrd and other sensitive data are unencrypted. http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf, Chapter 3.2.2'
@@ -39,7 +39,7 @@
   end
 end
 
-control '03' do
+control 'package-03' do
   impact 1.0
   title 'Do not install rsh server'
   desc 'The r-commands suffers same problem as telnet. http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf, Chapter 3.2.3'
@@ -48,7 +48,7 @@
   end
 end
 
-control '05' do
+control 'package-05' do
   impact 1.0
   title 'Do not install ypserv server (NIS)'
   desc 'Network Information Service (NIS) has some security design weaknesses like inadequate protection of important authentication information. http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf, Chapter 3.2.4'
@@ -57,7 +57,7 @@
   end
 end
 
-control '06' do
+control 'package-06' do
   impact 1.0
   title 'Do not install tftp server'
   desc 'tftp-server provides little security http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf, Chapter 3.2.5'